TLS Updates
Newtek is firmly committed to providing the highest level of security for out merchants developers and partners. In 2015 the PCI Security Standards Council mandated that merchants discontinue the use of Transport Layer Security (TLS) 1.0 by June 2018. The TLS 1.0 encryption standard no longer meets minimum security requirements due to vulnerabilities in the protocol that cannot be fixed. It is critically important that all entities upgrade to a TLS 1.2+ and disable any fallback to TLS v1.0 as soon as possible.
Important Dates
Newtek will begin phasing out TLS 1.0 and 1.1 over the next few months. The date each environment will be phased out is listed below:
Environment | URL | Date |
---|---|---|
Sandbox | sandbox.newtekgateway.com | February 1, 2018 |
Primary URL | secure.newtekgateway.com | June 29, 2018 at 10 AM PST |
We encourage merchants and developers to migrate an outdated software as soon as possible.
Testing Your Update
The easiest way to test that you are no longer using an insecure encryption protocol is to test against the our sandbox environment after the insecure protocol has been depreciated on 2/1/2018.
Click here for more information on requesting a sandbox account.
Learn More
For frequently asked questions and more information on why the change is being made, click here.
Workarounds
Below we have outlined some environments we have determined may be effected by this change as well as some workarounds for each.
.NET Framework
.Net Framework 3.5 and below does not support TLS 1.2.
.Net Framework 3.5.1 Microsoft Support has an update and instructions: https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework
.Net Framework 4.5 supports TLS 1.2 but does not use it by default, the following needs to be added before connecting:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
Found here https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/
4.6+ Should support TLS 1.2 by default.
DotNet DLL
If you are using the DotNet DLL, you will not need to recompile your software, just update the .NET Framework as noted in the section above. Then drop in the replacement DLL file listed below according to the current version you are using.
If you are using version... | Update to version: |
---|---|
Versions 1.** or 2.** | DotNet DLL 2.0 |
Version 3.0 and above | DotNet DLL 4.0 |
DotNet DLL Scanner Tool
The scanner tool listed below should locate your current DLL version, update it to be TLS 1.2 compatible and update your .NET Framework as well. Simply download and run the tool.
.NET Payment Engine SDK
If you are using the .Net Payment Engine SDK, you can use the instructions above to update your .Net Framework, or download the latest version of the .NET Payment Engine SDK here.
EpayCharge
If you are using the Mac or Linux versions of EpayCharge, no updates are necessary.
If you are using the Windows version of EpayCharge, you will need to download the newest Windows version of EpayCharge which can be found here.
For more information on installing new EpayCharge version 3.3 and setup click here.
Please Note: USB swipers must be encrypted to be compatible with the new EPayCharge version.
If you already have version 3.1 installed, EPayCharge will update your current version to the newest version and save your previous history.
If you already have version 3.3 installed, and you run this installer, you will be prompted to either remove the existing version or repair the existing version.
If no previous version is detected, the program will be installed normally as a new program with no history.
Browser
If you process transactions on the merchant console through your browser, you will need to verify that the browser you are using to process payments is TLS 1.2 compatible. To test your current browser compatibility you can use this third party browser testing service from Qualys' SSL Labs: https://www.ssllabs.com/ssltest/viewMyClient.html
Please Note: that this test and some others may not run successfully depending on your exact system and network configuration and should only be used as a guide.
These browsers do support the latest encryption standards:
You can also use the guide below to check to see if your current browser is compatible.
Browser | Version | TLS 1.2 Compatibility Notes |
---|---|---|
Microsoft Edge | Desktop and mobile versions | Compatible by default |
Microsoft Internet Explorer (IE) | Desktop and mobile IE version 11 | Compatible by default. |
Desktop IE versions 9 and 10 | Capable when run in Windows 7 or newer, but not by default. Click here for instructions on enabling TLS 1.2 in settings. Windows Vista and older operating systems, such as Windows XP, are not compatible with TLS 1.2 encryption. | |
Desktop IE versions 8 and below | Not compatible or stable with TLS 1.2 encryption. | |
Mozilla Firefox | Firefox 27 and higher | Compatible by default |
Firefox 23 to 26 | Capable, but not by default. Click here for instructions on enabling TLS 1.2 in settings or download the latest version listed above. | |
Firefox 22 and below | Not compatible with TLS 1.2 or higher encryption. | |
Google Chrome | Google Chrome 38 and higher | Compatible by default |
Google Chrome 22 to 37 | Capable when run in Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile). Click here for instructions on enabling TLS 1.2 in settings or download the latest version listed above. | |
Google Chrome 21 and below | Not compatible with TLS 1.2 encryption. | |
Google Android OS Browser | Android 6.0 (Marshmellow) and higher | Compatible by default |
Android 5.0 (Lollipop) and higher | Compatible by default | |
Android 4.4 (KitKat) to 4.4.4 | Capable, but not by default. | |
Android 4.3 (Jelly Bean) and below | Not compatible with TLS 1.2 encryption. | |
Apple Safari | Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher | Compatible by default |
Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below | Not compatible with TLS 1.2 encryption. | |
Mobile Safari versions 5 and higher for iOS 5 and higher | Compatible by default | |
Mobile Safari for iOS 4 and below | Not compatible with TLS 1.2 encryption. |
Mobile App
If you process through the mobile app, make sure that the operating system version is compatible with TLS 1.2 (compatibility information listed below) and that the mobile app is the most recent version listed in the app store.
Operating system | Version | TLS 1.2 Compatibility Notes |
---|---|---|
Android | Android 5.0 (Lollipop) and higher | Compatible by default. If your Android version is lower than 5.0 you will need to update your Android Version to process using the mobile app. |
iOS | iOS 9 and higher | Compatible by default. If your iOS version is lower than 9.0 you will need to update your device to process using the mobile app. |